ISA 2004 to allow POP & SMTP traffic in and out. HTTP works fine! We cannot access our internet mail using Outlook client

We are a small company and our mail is hosted by Yahoo Business Email. We have installed and configured ISA 2004 on our network and the HTTP traffic is set up successfully, it is allowed through. The users can access their mail through HTTP but not through POP or SMTP using Outlook. I don't know where to configure ISA 2004 to allow POP & SMTP traffic. I have set up rules for incoming and outgoing POP & SMTP and allowed all users but still no luck! Can anyone tell me what I'm doing wrong? The ISA 2004 is running on a Win2003 and is added to the DC.
HOPEWW Asked:
hbustan Commented:
Did you verify whether POP and SMTP works from anywhere else outside of your company and domain?

Perhaps it is not enabled from Yahoo in the 1st place?
0
HOPEWW Author Commented:
We used a Linux Firewall before installing ISA 2004 and it was accessible via our Outlook clients then, and we did get our POP and SMTP details (pop.bizmail.yahoo.com ; smtp.bizmail.yahoo.com) from Yahoo themselves. So it did work, and now nothing!
0
hbustan Commented:
Try adding a rule (for everyone) in your ISA to allow POP3 & SMTP for all traffic coming from your internal network and going out.
0
HOPEWW Author Commented:
Have done that! Do I need to create a rule for incoming as well? What I've done is to create a POP rule from internal to external for all users. Do I need to copy this rule for external to internal for all users as well?
0
hbustan Commented:
I don't believe so, since these are TCP connections which means once the connection is established, 2-way communication is possible.

Try "Telnet pop.bizmail.yahoo.com 110" from command prompt
also try "Telnet 68.142.224.70 110" if above line fails (if this works but not the previous, then it is a DNS issue)

You should get something like this:

+OK hello from popgate on pop107.biz.mail.re2.yahoo.com 2.38.1


If you don't, then perhaps you have other rules in your firewall that are overriding the rule to open port 110 (POP3)

Perhaps you have personal firewalls installed on your clients that might be blocking this as well

0
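The check hbustan describes above (connect to port 110 by name, then by IP, and look for the `+OK` greeting), as an added example that is not part of the original thread. The hostname and IP are the ones quoted in the thread; the function names `read_banner` and `diagnose` and the verdict strings are assumptions made for this sketch.

```python
import socket

def read_banner(addr, port, timeout=5.0):
    """Connect to addr:port and return the server's first line, or None."""
    try:
        with socket.create_connection((addr, port), timeout=timeout) as s:
            data = b""
            # A POP3 server speaks first; read until end of line (capped).
            while not data.endswith(b"\n") and len(data) < 512:
                chunk = s.recv(512 - len(data))
                if not chunk:
                    break
                data += chunk
            return data.decode("ascii", "replace").strip() or None
    except OSError:  # refused, timed out, unreachable, reset
        return None

def diagnose(hostname, fallback_ip, port=110,
             resolve=socket.gethostbyname, timeout=5.0):
    """Return (verdict, banner); verdict is 'ok', 'dns' or 'blocked'.

    'ok'      - greeting received when connecting by name
    'dns'     - by name fails but the literal IP answers
    'blocked' - no POP3 greeting either way: suspect a firewall rule
                on the gateway or a personal firewall on the client
    """
    try:
        addr = resolve(hostname)
    except OSError:  # socket.gaierror is a subclass of OSError
        addr = None
    if addr:
        banner = read_banner(addr, port, timeout)
        if banner and banner.startswith("+OK"):
            return "ok", banner
    banner = read_banner(fallback_ip, port, timeout)
    if banner and banner.startswith("+OK"):
        return "dns", banner
    return "blocked", None

if __name__ == "__main__":
    # Values quoted in the thread; run from a client behind the firewall.
    verdict, banner = diagnose("pop.bizmail.yahoo.com", "68.142.224.70")
    print(verdict, banner or "")
```

Running it from a client and then from the firewall host itself helps separate a gateway rule problem from a client-side personal firewall.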
HOPEWW Author Commented:
In my ISA Network Rules section: The Internet Access rule provides 2 options under network relationships: NAT and Route. The default is NAT. Do I keep it on NAT or do I change it to Route?
0
hbustan Commented:
Hmmm, it depends on your network and what you want but I'm not sure if it affects the way SMTP and POP3 work or not. In our case we have it set to Route.

Route assumes that your clients have a valid Public Internet IP address not: 192.x.x.x or 10.x.x.x

If you do have a valid IP, maybe it is worth trying although I don't know how many users might be affected from this change at your end.
0
HOPEWW Author Commented:
Thanks so much for your help regarding this issue, you made me think again..... The ISA server was set to Route and not NAT. All my rules are set up correctly, and after changing the option from Route to NAT it all worked just fine. One last question, are there any security risks having this option enabled?
0
hbustan Commented:
I couldn't say there is no security risk whatsoever, but as long as your firewall has its rules set correctly and that you have blocked unwanted access on your firewall, then this minimizes the risks.

I would say NAT has one advantage over Route in a Security sense; namely, your actual client IPs will be unreachable from outside in a direct sense; but still once a communication link is established from a client PC, the other end will have some means in communicating back.

I think this is a personal preference more than a security concern as there are also many advantages of routing IPs instead of NATing as well but these advantages are not security related.
0
HOPEWW Author Commented:
Thanks so much for your help and expertise helping us. Your time is much appreciated
0